Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/TFJEUrdKXP5FQbOrB4ItcWnFvB4.roa
File:                     TFJEUrdKXP5FQbOrB4ItcWnFvB4.roa (raw, json)
Hash identifier:          kB7+RivSGadpguCPUd+dLGAiw3Jg6bqT1eO3dIJilrk=
Subject key identifier:   4C:52:44:52:B7:4A:5C:FE:45:41:B3:AB:07:82:2D:71:69:C5:BC:1E
Certificate issuer:       /CN=3708e04fd7bf81b675dcbe7b29aa263c912078b6
Certificate serial:       018CC9BCEC5A0088BEC10020F4D0626CF841
Authority key identifier: 37:08:E0:4F:D7:BF:81:B6:75:DC:BE:7B:29:AA:26:3C:91:20:78:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NwjgT9e_gbZ13L57KaomPJEgeLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/TFJEUrdKXP5FQbOrB4ItcWnFvB4.roa
Signing time:             Tue 02 Jan 2024 10:34:10 +0000
ROA not before:           Tue 02 Jan 2024 10:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203269
IP address blocks:        2001:67c:428::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/NwjgT9e_gbZ13L57KaomPJEgeLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/NwjgT9e_gbZ13L57KaomPJEgeLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NwjgT9e_gbZ13L57KaomPJEgeLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ec:5a:00:88:be:c1:00:20:f4:d0:62:6c:f8:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3708e04fd7bf81b675dcbe7b29aa263c912078b6
        Validity
            Not Before: Jan  2 10:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c524452b74a5cfe4541b3ab07822d7169c5bc1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:b6:2f:50:ab:9c:c0:cb:19:46:fa:94:a2:d5:
                    ce:c4:13:b0:38:ab:3b:89:bd:e2:74:57:3c:a3:54:
                    1c:b4:4c:cb:e8:5d:32:e5:93:62:be:d0:d1:4e:f4:
                    f0:1e:74:91:83:26:68:07:03:c2:38:e1:0e:04:d9:
                    14:10:ab:08:96:d8:4e:af:01:02:b3:74:5a:a7:f0:
                    0a:36:7a:fd:62:53:88:57:85:0b:74:39:87:e5:36:
                    f0:20:3b:9d:48:22:93:22:20:ec:f4:df:86:0c:d5:
                    91:ad:7e:45:9b:a7:ae:5c:1f:63:79:39:a0:2f:ca:
                    81:53:50:b3:39:eb:60:e2:b3:69:9d:34:a3:bc:99:
                    2a:53:c8:ce:57:e6:bb:4f:ce:57:a4:b6:6d:5b:ca:
                    d7:5b:d9:67:5c:1c:3f:f9:28:bb:30:4f:e6:66:b8:
                    71:94:6f:a4:99:55:35:62:23:25:45:55:8c:f7:2a:
                    e3:76:ba:c3:00:d3:b8:62:a8:5c:c2:cb:72:30:4d:
                    0d:94:a8:fa:60:56:55:b9:ff:38:79:d9:88:74:48:
                    b5:c6:81:7f:cd:c3:cb:ac:a2:66:2f:d6:bc:87:20:
                    8c:b2:0e:ee:56:65:08:6e:f4:c4:18:f5:a8:6e:6e:
                    66:a8:fc:55:96:0b:eb:41:98:90:1f:a8:ae:a4:55:
                    f1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:52:44:52:B7:4A:5C:FE:45:41:B3:AB:07:82:2D:71:69:C5:BC:1E
            X509v3 Authority Key Identifier:
                keyid:37:08:E0:4F:D7:BF:81:B6:75:DC:BE:7B:29:AA:26:3C:91:20:78:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NwjgT9e_gbZ13L57KaomPJEgeLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/TFJEUrdKXP5FQbOrB4ItcWnFvB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c2fcfa-7dc1-4200-899e-bc493d5cbb5c/1/NwjgT9e_gbZ13L57KaomPJEgeLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:428::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:cd:d5:4b:92:a5:71:19:2e:82:88:cc:bf:37:53:9c:35:13:
         b8:e4:d1:d2:a9:db:6f:c2:d2:e3:ae:f2:a7:a6:b4:b0:54:15:
         d1:4a:f2:8f:8f:26:74:76:ef:dc:18:28:98:7e:72:80:1f:05:
         06:86:e5:f7:2b:57:60:47:1b:f8:1f:af:18:b3:3b:ae:41:0b:
         c6:72:01:b4:08:8c:a4:d6:35:68:11:64:32:43:1a:c0:c7:d2:
         5b:83:3a:9f:3e:0a:c6:fe:dc:e5:f3:7c:e5:76:45:c0:8e:03:
         4c:96:a8:d9:1f:c5:77:20:5c:09:5e:9a:4c:62:66:45:ad:fd:
         a7:34:5b:c2:ab:c7:e0:76:8c:09:95:19:bc:68:d8:6a:93:b7:
         b4:a0:f3:9e:cd:d4:c2:88:3a:5b:07:ac:77:09:06:19:a5:ed:
         29:d9:79:2d:5a:59:4d:6f:d0:94:8b:80:3b:23:01:1f:1c:3b:
         76:44:df:ec:7a:fe:33:5e:f2:76:31:4a:6e:8d:df:0d:9f:65:
         d4:3b:d4:56:48:3e:73:1e:31:9e:d6:d7:79:9d:72:06:f3:9b:
         99:48:59:06:1e:12:44:ec:b2:64:e4:56:cf:6f:70:21:ba:b1:
         ab:e3:e6:47:76:e9:1d:6d:d8:b4:1d:5c:81:02:e4:28:35:ab:
         24:11:9d:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOxaAIi+wQAg9NBibPhBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MDhlMDRmZDdiZjgxYjY3NWRjYmU3YjI5YWEyNjNjOTEy
MDc4YjYwHhcNMjQwMTAyMTAzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzUyNDQ1MmI3NGE1Y2ZlNDU0MWIzYWIwNzgyMmQ3MTY5YzViYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5bYvUKucwMsZRvqUotXOxBOwOKs7
ib3idFc8o1QctEzL6F0y5ZNivtDRTvTwHnSRgyZoBwPCOOEOBNkUEKsIlthOrwEC
s3Rap/AKNnr9YlOIV4ULdDmH5TbwIDudSCKTIiDs9N+GDNWRrX5Fm6euXB9jeTmg
L8qBU1CzOetg4rNpnTSjvJkqU8jOV+a7T85XpLZtW8rXW9lnXBw/+Si7ME/mZrhx
lG+kmVU1YiMlRVWM9yrjdrrDANO4YqhcwstyME0NlKj6YFZVuf84edmIdEi1xoF/
zcPLrKJmL9a8hyCMsg7uVmUIbvTEGPWobm5mqPxVlgvrQZiQH6iupFXxRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFExSRFK3Slz+RUGzqweCLXFpxbweMB8GA1UdIwQY
MBaAFDcI4E/Xv4G2ddy+eymqJjyRIHi2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTndqZ1Q5ZV9nYloxM0w1N0thb21QSkVnZUxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMmZjZmEtN2RjMS00MjAwLTg5OWUt
YmM0OTNkNWNiYjVjLzEvVEZKRVVyZEtYUDVGUWJPckI0SXRjV25GdkI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMmZjZmEtN2RjMS00MjAwLTg5OWUtYmM0OTNkNWNiYjVj
LzEvTndqZ1Q5ZV9nYloxM0w1N0thb21QSkVnZUxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAQo
MA0GCSqGSIb3DQEBCwUAA4IBAQAWzdVLkqVxGS6CiMy/N1OcNRO45NHSqdtvwtLj
rvKnprSwVBXRSvKPjyZ0du/cGCiYfnKAHwUGhuX3K1dgRxv4H68YszuuQQvGcgG0
CIyk1jVoEWQyQxrAx9JbgzqfPgrG/tzl83zldkXAjgNMlqjZH8V3IFwJXppMYmZF
rf2nNFvCq8fgdowJlRm8aNhqk7e0oPOezdTCiDpbB6x3CQYZpe0p2XktWllNb9CU
i4A7IwEfHDt2RN/sev4zXvJ2MUpujd8Nn2XUO9RWSD5zHjGe1td5nXIG85uZSFkG
HhJE7LJk5FbPb3AhurGr4+ZHdukdbdi0HVyBAuQoNaskEZ1R
-----END CERTIFICATE-----